Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments
Virtual Trusted Platform Modules (vTPMs) are widely adopted in commercial cloud platforms such as VMware Cloud, Google Cloud, Microsoft Azure, and Amazon AWS. However, as software-based components, vTPMs do not provide the same security guarantees as hardware TPMs. The existing solutions attempt to...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-05-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/15/10/5698 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850257358176911360 |
|---|---|
| author | Marcela Santos Reinaldo Gomes |
| author_facet | Marcela Santos Reinaldo Gomes |
| author_sort | Marcela Santos |
| collection | DOAJ |
| description | Virtual Trusted Platform Modules (vTPMs) are widely adopted in commercial cloud platforms such as VMware Cloud, Google Cloud, Microsoft Azure, and Amazon AWS. However, as software-based components, vTPMs do not provide the same security guarantees as hardware TPMs. The existing solutions attempt to mitigate this limitation by anchoring vTPMs to physical TPMs, but such approaches often face challenges in heterogeneous environments and in failure recovery or migration scenarios. Meanwhile, the evolution of data center architectures toward hyperconverged infrastructures introduces new opportunities for security mechanisms by integrating compute, storage, and networking into a single solution. This work proposes a novel mechanism to securely anchor vTPMs in hyperconverged environments. The proposed approach introduces a unified software layer capable of aggregating and managing the physical TPMs available in the data center, establishing a root of trust for vTPM anchoring. It supports scenarios where hardware TPMs are not uniformly available and enables anchoring replication for critical systems. The solution was implemented and evaluated in terms of its performance impact. The results show low computational overhead, albeit with an increase in anchoring time due to the remote anchoring process. |
| format | Article |
| id | doaj-art-d09eb32012a64c0cb33691c6d08425d3 |
| institution | OA Journals |
| issn | 2076-3417 |
| language | English |
| publishDate | 2025-05-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-d09eb32012a64c0cb33691c6d08425d32025-08-20T01:56:25ZengMDPI AGApplied Sciences2076-34172025-05-011510569810.3390/app15105698Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged EnvironmentsMarcela Santos0Reinaldo Gomes1Academic Unit of Systems and Computing, Federal University of Campina Grande (UFCG), Campina Grande 58429-970, PB, BrazilAcademic Unit of Systems and Computing, Federal University of Campina Grande (UFCG), Campina Grande 58429-970, PB, BrazilVirtual Trusted Platform Modules (vTPMs) are widely adopted in commercial cloud platforms such as VMware Cloud, Google Cloud, Microsoft Azure, and Amazon AWS. However, as software-based components, vTPMs do not provide the same security guarantees as hardware TPMs. The existing solutions attempt to mitigate this limitation by anchoring vTPMs to physical TPMs, but such approaches often face challenges in heterogeneous environments and in failure recovery or migration scenarios. Meanwhile, the evolution of data center architectures toward hyperconverged infrastructures introduces new opportunities for security mechanisms by integrating compute, storage, and networking into a single solution. This work proposes a novel mechanism to securely anchor vTPMs in hyperconverged environments. The proposed approach introduces a unified software layer capable of aggregating and managing the physical TPMs available in the data center, establishing a root of trust for vTPM anchoring. It supports scenarios where hardware TPMs are not uniformly available and enables anchoring replication for critical systems. The solution was implemented and evaluated in terms of its performance impact. The results show low computational overhead, albeit with an increase in anchoring time due to the remote anchoring process.https://www.mdpi.com/2076-3417/15/10/5698virtual trusted platform module (vTPM)hyperconverged infrastructure (HCI)trusted platforms and trustworthy infrastructuresattestation and interoperabilitydata centervirtualization |
| spellingShingle | Marcela Santos Reinaldo Gomes Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments Applied Sciences virtual trusted platform module (vTPM) hyperconverged infrastructure (HCI) trusted platforms and trustworthy infrastructures attestation and interoperability data center virtualization |
| title | Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments |
| title_full | Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments |
| title_fullStr | Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments |
| title_full_unstemmed | Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments |
| title_short | Strengthening Trust in Virtual Trusted Platform Modules: Integrity-Based Anchoring Mechanism for Hyperconverged Environments |
| title_sort | strengthening trust in virtual trusted platform modules integrity based anchoring mechanism for hyperconverged environments |
| topic | virtual trusted platform module (vTPM) hyperconverged infrastructure (HCI) trusted platforms and trustworthy infrastructures attestation and interoperability data center virtualization |
| url | https://www.mdpi.com/2076-3417/15/10/5698 |
| work_keys_str_mv | AT marcelasantos strengtheningtrustinvirtualtrustedplatformmodulesintegritybasedanchoringmechanismforhyperconvergedenvironments AT reinaldogomes strengtheningtrustinvirtualtrustedplatformmodulesintegritybasedanchoringmechanismforhyperconvergedenvironments |